This tech tip is designed to provide some insight into how to integrate Active Directory with CIMCO Manufacturing Data Management (MDM). This will enable your IT department to directly manage group memberships, passwords, and add or remove users within the MDM user base. This saves them the time of learning a new tool while allowing them to work in the familiar tools they use every day. This will also result in all your company’s password complexity, length, and history rules applying to CIMCO MDM as well.
Active Directory
There is a little bit of setup that needs to be done on the domain side for this to work correctly. We need to create an Active Directory security group for each group that we want to control with Windows. Once we have the groups, we can assign them to MDM user groups and add users to them from Active Directory users and computers (ADUC).
Creating a security group
To create a security group in Active Directory, right-click in the folder that you want to create it in, click on “New”(1) and “Group”(2)
In the pop-up, give the new group a name (1), select “Domain local” as the Group Scope (2) and “Security” as the Group type (3).
Adding users to the security group
Users are added/removed the same way as any other group in AD. They can be added under group properties or in the user’s properties. In the properties for the group, you can see a list of all the current members.
Likewise, in the properties for a user, you can see what groups they are a member of.
Enabling Active Directory in MDM
For this to work, there are two parts that need to be configured in MDM. First, we need to configure the domain info in MDM. Second, we need to assign the AD security groups to the corresponding user groups in MDM.
Domain configuration
In MDM, open the configuration and click on “Database Server” under “Database Configuration” (1). Check the “Enabled” box under “Active Directory” and enter the name of the domain (2).
User configuration
This is configured on the user group level. It does not apply to specific users. Individual users do not even need to be configured in MDM. You will notice that AD configured users do not show up in the user list for a group.
In the MDM configuration under “User Groups” (1), select the group you want to assign to an AD security group (2), and click “Edit” (3).
Enter the name of the corresponding group under “Active Directory Group”
Clicking on the green checkbox will provide a list of users from AD
The steps are repeated for each group in MDM.
We asked for Single Sign On to be added to MDM, the developer agreed to include it in an upcoming release. This will allow your users to authenticate via windows and not have to type a username or password.
Optional Step: Client Configuration
This last step isn’t necessary but, more of a quality of life change. We can tell the MDM clients to use the Windows logon name which will prevent the user from having to locate their name in the MDM user list during sign-on. MDM currently does not store domain passwords so it is not possible to configure single sign-on at this time. There has been some interest in this ability from the community so it is likely that we will see this feature in the future.
To enable this option, click on “Client configuration” tab in the MDM configuration (1) and check the “Use Windows logon name” box (2).
Conclusion
Once everything is set up, the person responsible for managing domain user accounts will now add or remove users to the proper MDM group at the time of account creation/modification. Additionally, if you’re changing an existing installation, domain users can be deployed alongside existing users. You can add someone’s domain account to the same group as their MDM internal user and migrate existing users over. Once they start using the new login, you can disable the built-in user. Now you have centralized user control for your mission critical files.
In addition to MDM, CIMCO MDC also supports Active Directory, empowering you to save time and provide ease of management of your users.
If you’d like to discuss optimizing your CIMCO Software or learn more about CIMCO MDM and our unique approach, contact us.
